On 17 jan 2011, at 12.56, Martin Paljak wrote: > Most smart cards, especially smart cards personalized by OpenSC, don't have > very fancy and varying managing capabilities, comparable to HSM-s.
Yes, so you probably have to create another set of review points in this case. > Yet an overall review of smart cards, their security models, FIPS validations > etc would do good, as this information is currently not systematically > gathered to OpenSC wiki nor easy to compare. We see that many are requesting some alternatives to the expensive HSM:s, but are not sure of what to buy. It would therefor be good to setup some review points so that you can compare the smart cards / USB-tokens. To date, we do not have so much extra time to commit on a second review and was wondering if there were someone else who could continue this work? > From the report: > "For the test of the PKCS#11 interface (review point A.2) we used a specially > developed test tool called pkcs11-testing. If desired, please contact the > authors to obtain the source code." > Feel free to e-mail me directly with this, if you don't want to publish it > anywhere. I wrote a program for the testing team. It perhaps needs some more work. Currently the functionality of e.g. DSA and ECDH is not tested, I only check the C_GetMechanismInfo. But you can find the code here: http://trac.opendnssec.org/browser/trunk/pkcs11-testing // Rickard _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
